# Macrium Security Advisory: CVE-2025-53394 & CVE-2025-53395

Published: 31 July 2025

Affected products:

- • [CVE-2025-53394](https://www.cve.org/CVERecord?id=CVE-2025-53394): Macrium Reflect X and older, Macrium Reflect 8.1, Macrium Reflect LTSC 2024
- • [CVE-2025-53395](https://www.cve.org/CVERecord?id=CVE-2025-53395): Macrium Reflect X and older, Macrium Reflect 8.1, Macrium Reflect LTSC 2024, Site Manager 8.1, SiteManager Platform

See the tables below for patch release


- - -


### Summary

We were recently made aware of two security vulnerabilities that affect image mounting.

If a user mounted a backup file, after accepting the UAC prompt, this could cause a malicious file (called explorer.exe) or DLL (called vsssvr.dll) in the same directory to be executed. To resolve these vulnerabilities, we have released updates to the relevant supported versions of Macrium’s software to add security enhancements.

We recommend all customers update to the patched versions listed below.

### Details:

CVS Base Score: 7.7 (High)

CVS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C/CR:H/IR:H/AR:H/MAV:L/MAC:L/MPR:H/MUI:R/MS:C/MC:H/MI:H/MA:H

**CVE-2025-53394 - Vulnerability related to image mounting and Windows Shell integration.** 

- • Affected products: Macrium Reflect X and older, Macrium Reflect 8.1, Macrium Reflect LTSC 2024 (Not Affected: SiteManager Platform) 
- • What this means: A malicious file could be placed in the same folder as a Reflect backup by an attacker, which could be launched with administrator privileges when the backup image is mounted.

This has been resolved in the following security patch releases:
&nbsp;
|     |     |     |     |
| --- | --- | --- | --- |
| **Edition** | **Build Number** | **Date** | **Release Notes** |
| Macrium Reflect 8.1 (Home, Workstation, Server, Server Plus, Technician’s License, Deployment Kit) | v8.1.8595 | 25th June 2025 | [Release Notes](https://updates.macrium.com/reflect/v8/v8.1.8595/details8.1.8595.htm) |
| Macrium Reflect LTSC 2024 (Workstation, Server, Server Plus) | v8.1.8620 | 28th July 2025 | [Release Notes](https://update.macrium.com/Reflect/v8/v8.1.8620/details8.1.8620.htm) |
| Macrium Reflect X (Including Home, Workstation, Server, Technician’s License, Deployment Kit) | v10.0.8576 | 19th May 2025 | [Release Notes](https://updates.macrium.com/reflect/v10/v10.0.8576/details10.0.8576.htm) |


**CVE-2025-53395 - Vulnerability related to image mounting and VSSSvr.dll.**


- • Affected Products: Macrium Reflect X and older, Macrium Reflect 8.1, Macrium Reflect LTSC 2024, Site Manager 8.1, SiteManager Platform
- • What this means: This vulnerability could allow a locally placed, malicious DLL (named VSSSvr.dll) to be loaded with administrator privileges when a user mounts a backup.

This has been resolved with the following security patch releases:
&nbsp;
|     |     |     |     |
| --- | --- | --- | --- |
| **Edition** | **Build Number** | **Date** | **Release Notes** |
| Macrium Reflect 8.1 (Home, Workstation, Server, Server Plus, Technician’s License, Deployment Kit) | v8.1.8595 | 25th June 2025 | [Release Notes](https://updates.macrium.com/reflect/v8/v8.1.8595/details8.1.8595.htm) |
| Site Manager 8.1 (Including SiteDeploy) | v8.1.8602 | 3rd July 2025 | [Release Notes](https://updates.macrium.com/reflect/v8/v8.1.8602/detailsMD8.1.8602.md) |
| Macrium Reflect LTSC 2024 (Workstation, Server, Server Plus) | v8.1.8620 | 28th July 2025 | [Release Notes](https://update.macrium.com/Reflect/v8/v8.1.8620/details8.1.8620.htm) |
| Macrium Reflect X (Including Home, Workstation, Server, Technician’s License, Deployment Kit) | v10.0.8576 | 19th May 2025 | [Release Notes](https://updates.macrium.com/reflect/v10/v10.0.8576/details10.0.8576.htm) |
| SiteManager Platform (Including SiteBackup and SiteDeploy) | v10.0.8581 | 29th May 2025 | [Release Notes](https://updates.macrium.com/reflect/v10/v10.0.8581/detailsMD10.0.8581.md) |


If you are running a version older than those listed, we recommend you update to the latest edition.

#### Credit:

Thank you to Tingyu Ren, Beijing Institute of Technology, for bringing this to our attention.

large_macrium-security-notice.jpg

medium_macrium-security-notice.jpg

small_macrium-security-notice.jpg

thumbnail_macrium-security-notice.jpg

macrium-security-notice.jpg

We were recently made aware of two security vulnerabilities that affect image mounting. 

Macrium Security Advisory: CVE-2025-53394 & CVE-2025-53395

We were recently made aware of two security vulnerabilities that affect image mounting. 
If a user mounted a backup file, after accepting the UAC prompt, this could cause a malicious file or DLL in the same directory to be executed.


# How to Clone a Disk with Macrium Reflect X: Your Complete Guide

&nbsp;

When your hard drive starts making unusual noises or you're finally ready to upgrade to that SSD you've been considering, disk cloning becomes an essential skill. While you're here though, remember that regular backups are your best defense against unexpected data loss - but more on that later. 

The good news? With [Macrium Reflect X](/products/home), the process is more straightforward than you might expect.

Disk cloning creates an exact 1:1 copy of partitions from one disk to another. It's particularly valuable when you need to move your operating system to new hardware without reinstalling everything from scratch - a scenario that saves both time and potential headaches.

&nbsp;

## Common Use Cases for Disk Cloning

The most frequent reason people clone disks is upgrading to larger or faster storage. Whether you're moving from a traditional hard drive to an SSD or simply need more space, cloning preserves your entire system setup while making the transition seamless.
Identifying Your Source Disk

Before beginning the cloning process, you'll need to identify which disk contains the data you want to copy. For operating system moves, look for the disk containing system partitions—these are marked with Windows icons in Macrium Reflect X, making identification straightforward.

&nbsp;



## The Cloning Process

### Step 1: Selecting Your Destination

To start cloning, select 'Clone' under the source disk. The wizard will guide you through choosing your destination disk. This is where careful attention becomes important.

&nbsp;

## Understanding the Process

Cloning is what we call a destructive process - existing partitions on the destination disk will be overwritten when source partitions are copied. We strongly recommend verifying that you've selected the correct destination disk, as errors can result in unintended data loss.

If you're uncertain about data on the destination disk that might be needed later, consider creating a disk image first. This precautionary step can save considerable trouble if you need to recover anything afterward.

### Step 2: Copying Partitions

Once you've selected your destination, you have several options for copying partitions:

Automatic Copying: The 'Copy Partitions' button handles everything automatically, copying all partitions while intelligently adjusting sizes. It will shrink partitions to fit smaller disks or expand them to utilize all available space on larger ones.

Manual Control: For more precise control, use 'Delete Partition' or 'Erase Disk' to prepare the destination, then drag and drop partitions individually. 

This approach allows you to reorder partitions during the copy process.

The 'Fill Space' and 'Float' buttons help adjust partition sizes and locations as needed. Don't worry about making mistakes during setup—the 'Undo' button lets you reverse any changes, and nothing is final until the clone actually begins.

### Step 3: Scheduling Options

The next screen offers scheduling options for future automatic clones. This feature is useful if you want to maintain an up-to-date duplicate of your source disk - essentially keeping a ready-to-use backup drive.

For most upgrade scenarios, scheduling isn't necessary since this is typically a one-time operation.

### Step 4: Final Review

The summary page displays all clone operation details. This is your opportunity to verify everything is configured correctly. Taking a moment to review these settings can prevent issues later.

Click 'Finish' to begin the clone. If the operation will remove existing partitions from the destination disk, you'll receive a confirmation prompt to ensure you want to proceed.

Monitoring Progress: The progress window displays the clone status as it proceeds. The time required depends on the amount of data being copied and the speed of your storage devices.

Completion: Once cloning finishes, you can return to the 'Create Backups' tab to see both disks now contain identical data. If you cloned to a larger disk, you'll notice the partitions have expanded to utilize the additional space available.

&nbsp;

## Think Beyond Cloning

While disk cloning is excellent for upgrades and system migrations, it serves a different purpose than regular backups. Cloning is ideal for moving your entire system from one drive to another, while backups provide ongoing protection against data loss from various causes.

For comprehensive data protection, we recommend establishing [regular backup schedules](/what-is-321-backup-strategy) alongside using cloning for specific upgrade or migration needs. This combination ensures you're prepared for both planned transitions and unexpected situations - because while cloning handles the big moves, backups keep your data safe from life's daily digital surprises.

&nbsp;

## Need Assistance?

Questions about cloning or curious about backup strategies? Our team is here to help with both the technical bits and the bigger picture. [Contact our support team](/contact).



thumbnail_how-to-clone-a-disk-reflect-x

how-to-clone-a-disk-reflect-x

Learn how to clone your disk with Macrium Reflect X. Step-by-step guide for moving your OS to new drives safely - plus why backups matter too.

Cart

Macrium Software

Macrium Security Advisory: CVE-2025-53394 & CVE-2025-53395

Summary

Details:

Credit:

Latest Blog Post

Latest Video

Need Help?

Currency for Pricing


Edition	Build Number	Date	Release Notes
Macrium Reflect 8.1 (Home, Workstation, Server, Server Plus, Technician’s License, Deployment Kit)	v8.1.8595	25th June 2025	Release Notes
Macrium Reflect LTSC 2024 (Workstation, Server, Server Plus)	v8.1.8620	28th July 2025	Release Notes
Macrium Reflect X (Including Home, Workstation, Server, Technician’s License, Deployment Kit)	v10.0.8576	19th May 2025	Release Notes